{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T16:05:52Z","timestamp":1775837152275,"version":"3.50.1"},"reference-count":51,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,2,11]],"date-time":"2021-02-11T00:00:00Z","timestamp":1613001600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["1840197"],"award-info":[{"award-number":["1840197"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2021,3,31]]},"abstract":"<jats:p>\n            Security and privacy of the Internet Domain Name System (DNS) have been longstanding concerns. Recently, there is a trend to protect DNS traffic using Transport Layer Security (TLS). However, at least two major issues remain: (1) How do clients authenticate DNS-over-TLS endpoints in a scalable and extensible manner? and (2) How can clients trust endpoints to behave as expected? In this article, we propose a novel Private DNS-over-TLS (PDoT) architecture. PDoT includes a DNS Recursive Resolver (RecRes) that operates within a Trusted Execution Environment. Using\n            <jats:italic>Remote Attestation<\/jats:italic>\n            , DNS clients can authenticate and receive strong assurance of trustworthiness of PDoT RecRes. We provide an open source proof-of-concept implementation of PDoT and experimentally demonstrate that its latency and throughput match that of the popular Unbound DNS-over-TLS resolver.\n          <\/jats:p>","DOI":"10.1145\/3431171","type":"journal-article","created":{"date-parts":[[2021,2,12]],"date-time":"2021-02-12T05:05:32Z","timestamp":1613106332000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["PDoT"],"prefix":"10.1145","volume":"2","author":[{"given":"Yoshimichi","family":"Nakatsuka","sequence":"first","affiliation":[{"name":"University of California, Irvine"}]},{"given":"Andrew","family":"Paverd","sequence":"additional","affiliation":[{"name":"Microsoft, United Kingdom"}]},{"given":"Gene","family":"Tsudik","sequence":"additional","affiliation":[{"name":"University of California, Irvine"}]}],"member":"320","published-online":{"date-parts":[[2021,2,11]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Retrieved","year":"2019","unstructured":"2009. Introduction to DNSCurve . Retrieved May 29, 2019 from https:\/\/dnscurve.org\/index.html. 2009. Introduction to DNSCurve. Retrieved May 29, 2019 from https:\/\/dnscurve.org\/index.html."},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the 2013 IEEE 33rd International Conference on Distributed Computing Systems. 41--51","author":"Acs G.","unstructured":"G. Acs , M. Conti , P. Gasti , C. Ghali , and G. Tsudik . 2013. Cache privacy in named-data networking . In Proceedings of the 2013 IEEE 33rd International Conference on Distributed Computing Systems. 41--51 . G. Acs, M. Conti, P. Gasti, C. Ghali, and G. Tsudik. 2013. Cache privacy in named-data networking. In Proceedings of the 2013 IEEE 33rd International Conference on Distributed Computing Systems. 41--51."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the ACM Cloud Computing Security Workshop (CCSW\u201919)","author":"Alder Fritz","year":"2019","unstructured":"Fritz Alder , N. Asokan , Arseny Kurnikov , Andrew Paverd , and Michael Steiner . 2019 . S-FaaS: Trustworthy and accountable function-as-a-service using Intel SGX . In Proceedings of the ACM Cloud Computing Security Workshop (CCSW\u201919) . Fritz Alder, N. Asokan, Arseny Kurnikov, Andrew Paverd, and Michael Steiner. 2019. S-FaaS: Trustworthy and accountable function-as-a-service using Intel SGX. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW\u201919)."},{"key":"e_1_2_1_4_1","volume-title":"Retrieved","author":"Anstee Darren","year":"2020","unstructured":"Darren Anstee . 2020 . Disappearing DNS: DoT and DoH, Where One Letter Makes a Great Difference . Retrieved May 15, 2020 from https:\/\/www.securitymagazine.com\/articles\/91674-disappearing-dns-dot-and-doh-where-one-letter-makes-a-great-difference. Darren Anstee. 2020. Disappearing DNS: DoT and DoH, Where One Letter Makes a Great Difference. Retrieved May 15, 2020 from https:\/\/www.securitymagazine.com\/articles\/91674-disappearing-dns-dot-and-doh-where-one-letter-makes-a-great-difference."},{"key":"#cr-split#-e_1_2_1_5_1.1","doi-asserted-by":"crossref","unstructured":"R. Arends R. Austein M. Larson D. Massey and S. Rose. 2005. DNS Security Introduction and Requirements. Technical Report. DOI:https:\/\/doi.org\/10.17487\/rfc4033 10.17487\/rfc4033","DOI":"10.17487\/rfc4033"},{"key":"#cr-split#-e_1_2_1_5_1.2","doi-asserted-by":"crossref","unstructured":"R. Arends R. Austein M. Larson D. Massey and S. Rose. 2005. DNS Security Introduction and Requirements. Technical Report. DOI:https:\/\/doi.org\/10.17487\/rfc4033","DOI":"10.17487\/rfc4033"},{"key":"e_1_2_1_6_1","volume-title":"Retrieved","author":"ARM.","year":"2009","unstructured":"ARM. 2009 . ARM Security Technology\u2014Building a Secure System using TrustZone Technology . Retrieved May 29, 2019 from http:\/\/infocenter.arm.com\/help\/index.jsp?topic&equals;\/com.arm.doc.prd29-genc-009492c\/index.html. ARM. 2009. ARM Security Technology\u2014Building a Secure System using TrustZone Technology. Retrieved May 29, 2019 from http:\/\/infocenter.arm.com\/help\/index.jsp?topic&equals;\/com.arm.doc.prd29-genc-009492c\/index.html."},{"key":"e_1_2_1_8_1","unstructured":"S Bortzmeyer. 2018. Encryption and authentication of the DNS resolver-to-authoritative communication. Retrieved from https:\/\/tools.ietf.org\/html\/draft-bortzmeyer-dprive-resolver-to-auth-01.  S Bortzmeyer. 2018. Encryption and authentication of the DNS resolver-to-authoritative communication. Retrieved from https:\/\/tools.ietf.org\/html\/draft-bortzmeyer-dprive-resolver-to-auth-01."},{"key":"e_1_2_1_9_1","volume-title":"Retrieved","author":"Brodkin Jon","year":"2020","unstructured":"Jon Brodkin . 2020 . Firefox turns encrypted DNS on by default to thwart snooping ISPs . Retrieved May 15, 2020 from https:\/\/arstechnica.com\/information-technology\/2020\/02\/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps\/. Jon Brodkin. 2020. Firefox turns encrypted DNS on by default to thwart snooping ISPs. Retrieved May 15, 2020 from https:\/\/arstechnica.com\/information-technology\/2020\/02\/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps\/."},{"key":"e_1_2_1_10_1","volume-title":"Anonymous Resolution of DNS Queries","author":"Castillo-Perez Sergio","unstructured":"Sergio Castillo-Perez and Joaquin Garcia-Alfaro . 2008. Anonymous Resolution of DNS Queries . Springer , Berlin , 987--1000. DOI:https:\/\/doi.org\/10.1007\/978-3-540-88873-4_5 10.1007\/978-3-540-88873-4_5 Sergio Castillo-Perez and Joaquin Garcia-Alfaro. 2008. Anonymous Resolution of DNS Queries. Springer, Berlin, 987--1000. DOI:https:\/\/doi.org\/10.1007\/978-3-540-88873-4_5"},{"key":"e_1_2_1_12_1","volume-title":"Retrieved","year":"2019","unstructured":"Cloudflare. DNS over TLS\u2014Cloudflare Resolver . Retrieved May 29, 2019 from https:\/\/1.1.1.1\/dns\/. Cloudflare. DNS over TLS\u2014Cloudflare Resolver. Retrieved May 29, 2019 from https:\/\/1.1.1.1\/dns\/."},{"key":"e_1_2_1_13_1","unstructured":"Cloudflare. [n.d.]. 1.1.1.1 Resolver Examination Report. Retrieved from https:\/\/www.cloudflare.com\/compliance\/.  Cloudflare. [n.d.]. 1.1.1.1 Resolver Examination Report. Retrieved from https:\/\/www.cloudflare.com\/compliance\/."},{"key":"e_1_2_1_14_1","unstructured":"Cloudflare. [n.d.]. Announcing 1.1.1.1: The Fastest Privacy-first Consumer DNS Service. Retrieved from https:\/\/blog.cloudflare.com\/announcing-1111\/.  Cloudflare. [n.d.]. Announcing 1.1.1.1: The Fastest Privacy-first Consumer DNS Service. Retrieved from https:\/\/blog.cloudflare.com\/announcing-1111\/."},{"key":"e_1_2_1_15_1","unstructured":"Cloudflare. [n.d.]. Announcing the Results of the 1.1.1.1 Public DNS Resolver Privacy Examination. Retrieved from https:\/\/blog.cloudflare.com\/announcing-the-results-of-the-1-1-1-1-public-dns-resolver-privacy-examination\/.  Cloudflare. [n.d.]. Announcing the Results of the 1.1.1.1 Public DNS Resolver Privacy Examination. Retrieved from https:\/\/blog.cloudflare.com\/announcing-the-results-of-the-1-1-1-1-public-dns-resolver-privacy-examination\/."},{"key":"e_1_2_1_16_1","unstructured":"Manuel Costa Lawrence Esswood Olga Ohrimenko Felix Schuster and Sameer Wagh. 2017. The pyramid scheme: Oblivious RAM for trusted processors. arXiv:1712.07882. Retrieved from https:\/\/arxiv.org\/abs\/1712.07882.  Manuel Costa Lawrence Esswood Olga Ohrimenko Felix Schuster and Sameer Wagh. 2017. The pyramid scheme: Oblivious RAM for trusted processors. arXiv:1712.07882. Retrieved from https:\/\/arxiv.org\/abs\/1712.07882."},{"key":"e_1_2_1_17_1","volume-title":"Sanctum: Minimal Hardware Extensions for Strong Software Isolation. 857--874. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technicalsessions\/presentation\/costan.","author":"Costan Victor","year":"2016","unstructured":"Victor Costan , Ilia Lebedev , and Srinivas Devadas . 2016 . Sanctum: Minimal Hardware Extensions for Strong Software Isolation. 857--874. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technicalsessions\/presentation\/costan. Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. 857--874. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technicalsessions\/presentation\/costan."},{"key":"e_1_2_1_18_1","volume-title":"Retrieved","year":"2019","unstructured":"cs.nic. 2019 . Knot Resolver . Retrieved May 29, 2019 from https:\/\/www.knot-resolver.cz\/. cs.nic. 2019. Knot Resolver. Retrieved May 29, 2019 from https:\/\/www.knot-resolver.cz\/."},{"key":"#cr-split#-e_1_2_1_19_1.1","doi-asserted-by":"crossref","unstructured":"T. Dierks and E. Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. Technical Report. DOI:https:\/\/doi.org\/10.17487\/rfc5246 10.17487\/rfc5246","DOI":"10.17487\/rfc5246"},{"key":"#cr-split#-e_1_2_1_19_1.2","doi-asserted-by":"crossref","unstructured":"T. Dierks and E. Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. Technical Report. DOI:https:\/\/doi.org\/10.17487\/rfc5246","DOI":"10.17487\/rfc5246"},{"key":"e_1_2_1_20_1","unstructured":"Huayi Duan Cong Wang Xingliang Yuan Yajin Zhou Qian Wang and Kui Ren. 2017. LightBox: Full-stack protected stateful middlebox at lightning speed. arxiv:1706.06261. Retrieved from http:\/\/arxiv.org\/abs\/1706.06261.  Huayi Duan Cong Wang Xingliang Yuan Yajin Zhou Qian Wang and Kui Ren. 2017. LightBox: Full-stack protected stateful middlebox at lightning speed. arxiv:1706.06261. Retrieved from http:\/\/arxiv.org\/abs\/1706.06261."},{"key":"e_1_2_1_22_1","volume-title":"Retrieved","author":"Edmundson Annie","year":"2018","unstructured":"Annie Edmundson , Paul Schmitt , and Nick Feamster . 2018 . ODNS: Oblivious DNS . Retrieved May 29, 2019 from https:\/\/odns.cs.princeton.edu\/. Annie Edmundson, Paul Schmitt, and Nick Feamster. 2018. ODNS: Oblivious DNS. Retrieved May 29, 2019 from https:\/\/odns.cs.princeton.edu\/."},{"key":"e_1_2_1_23_1","volume-title":"Privacy-preserving DNS: Analysis of Broadcast, Range Queries and Mix-based Protection Methods","author":"Federrath Hannes","unstructured":"Hannes Federrath , Karl-Peter Fuchs , Dominik Herrmann , and Christopher Piosecny . 2011. Privacy-preserving DNS: Analysis of Broadcast, Range Queries and Mix-based Protection Methods . Springer , Berlin , 665--683. DOI:https:\/\/doi.org\/10.1007\/978-3-642-23822-2_36 10.1007\/978-3-642-23822-2_36 Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann, and Christopher Piosecny. 2011. Privacy-preserving DNS: Analysis of Broadcast, Range Queries and Mix-based Protection Methods. Springer, Berlin, 665--683. DOI:https:\/\/doi.org\/10.1007\/978-3-642-23822-2_36"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201918)","author":"Goltzsche David","year":"2018","unstructured":"David Goltzsche , Signe Rusch , Manuel Nieke , Sebastien Vaucher , Nico Weichbrodt , Valerio Schiavoni , Pierre-Louis Aublin , Paolo Cosa , Christof Fetzer , Pascal Felber , Peter Pietzuch , and Rudiger Kapitza . 2018 . EndBox: Scalable middlebox functions using client-side trusted execution . In Proceedings of the 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201918) . IEEE, 386--397. DOI:https:\/\/doi.org\/10.1109\/DSN.2018.00048 10.1109\/DSN.2018.00048 David Goltzsche, Signe Rusch, Manuel Nieke, Sebastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Cosa, Christof Fetzer, Pascal Felber, Peter Pietzuch, and Rudiger Kapitza. 2018. EndBox: Scalable middlebox functions using client-side trusted execution. In Proceedings of the 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN\u201918). IEEE, 386--397. DOI:https:\/\/doi.org\/10.1109\/DSN.2018.00048"},{"key":"e_1_2_1_25_1","volume-title":"Retrieved","year":"2018","unstructured":"Google. 2018 . DNS over TLS Support in Android P Developer Preview . Retrieved May 29, 2019 from https:\/\/security.googleblog.com\/2018\/04\/dns-over-tls-support-in-android-p.html. Google. 2018. DNS over TLS Support in Android P Developer Preview. Retrieved May 29, 2019 from https:\/\/security.googleblog.com\/2018\/04\/dns-over-tls-support-in-android-p.html."},{"key":"#cr-split#-e_1_2_1_27_1.1","doi-asserted-by":"crossref","unstructured":"P. Hoffman and P. McManus. 2018. DNS Queries over HTTPS (DoH). DOI:https:\/\/doi.org\/10.17487\/RFC8484 10.17487\/RFC8484","DOI":"10.17487\/RFC8484"},{"key":"#cr-split#-e_1_2_1_27_1.2","doi-asserted-by":"crossref","unstructured":"P. Hoffman and P. McManus. 2018. DNS Queries over HTTPS (DoH). DOI:https:\/\/doi.org\/10.17487\/RFC8484","DOI":"10.17487\/RFC8484"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359989.3365429"},{"key":"#cr-split#-e_1_2_1_29_1.1","doi-asserted-by":"crossref","unstructured":"Zi Hu Liang Zhu John Heidemann Allison Mankin Duane Wessels and P. Hoffman. 2016. Specification for DNS over Transport Layer Security (TLS). Technical Report. DOI:https:\/\/doi.org\/10.17487\/RFC7858 10.17487\/RFC7858","DOI":"10.17487\/RFC7858"},{"key":"#cr-split#-e_1_2_1_29_1.2","doi-asserted-by":"crossref","unstructured":"Zi Hu Liang Zhu John Heidemann Allison Mankin Duane Wessels and P. Hoffman. 2016. Specification for DNS over Transport Layer Security (TLS). Technical Report. DOI:https:\/\/doi.org\/10.17487\/RFC7858","DOI":"10.17487\/RFC7858"},{"key":"e_1_2_1_30_1","volume-title":"Retrieved","author":"Jensen Tommy","year":"2019","unstructured":"Tommy Jensen , Ivan Pashov , and Gabriel Montenegro . 2019 . Windows Will Improve User Privacy with DNS over HTTPS . Retrieved May 15, 2020 from https:\/\/techcommunity.microsoft.com\/t5\/networking-blog\/windows-will-improve-user-privacy-with-dns-over-https\/ba-p\/1014229. Tommy Jensen, Ivan Pashov, and Gabriel Montenegro. 2019. Windows Will Improve User Privacy with DNS over HTTPS. Retrieved May 15, 2020 from https:\/\/techcommunity.microsoft.com\/t5\/networking-blog\/windows-will-improve-user-privacy-with-dns-over-https\/ba-p\/1014229."},{"key":"e_1_2_1_31_1","unstructured":"Thomas Knauth Michael Steiner Somnath Chakrabarti Li Lei Cedric Xing and Mona Vij. 2018. Integrating remote attestation with transport layer security. arxiv:1801.05863. Retrieved from http:\/\/arxiv.org\/abs\/1801.05863.  Thomas Knauth Michael Steiner Somnath Chakrabarti Li Lei Cedric Xing and Mona Vij. 2018. Integrating remote attestation with transport layer security. arxiv:1801.05863. Retrieved from http:\/\/arxiv.org\/abs\/1801.05863."},{"key":"e_1_2_1_32_1","unstructured":"SPROUT Lab. 2019. PDoT Source Code. Retrieved from https:\/\/github.com\/sprout-uci\/PDoT.  SPROUT Lab. 2019. PDoT Source Code. Retrieved from https:\/\/github.com\/sprout-uci\/PDoT."},{"key":"e_1_2_1_33_1","unstructured":"NLnet Labs. Stubby. Retrieved May 29 2019 from https:\/\/dnsprivacy.org\/wiki\/display\/DP\/DNS+Privacy+Daemon+-+Stubby.  NLnet Labs. Stubby. Retrieved May 29 2019 from https:\/\/dnsprivacy.org\/wiki\/display\/DP\/DNS+Privacy+Daemon+-+Stubby."},{"key":"e_1_2_1_34_1","unstructured":"NLnet Labs. Unbound. Retrieved May 29 2019 from https:\/\/nlnetlabs.nl\/projects\/unbound\/about\/.  NLnet Labs. Unbound. Retrieved May 29 2019 from https:\/\/nlnetlabs.nl\/projects\/unbound\/about\/."},{"key":"e_1_2_1_35_1","volume-title":"Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE, 605--622","author":"Liu Fangfei","year":"2015","unstructured":"Fangfei Liu , Yuval Yarom , Qian Ge , Gernot Heiser , and Ruby B. Lee . 2015. Last-level cache side-channel attacks are practical . In Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE, 605--622 . DOI:https:\/\/doi.org\/10.1109\/SP. 2015 .43 10.1109\/SP.2015.43 Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical. In Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE, 605--622. DOI:https:\/\/doi.org\/10.1109\/SP.2015.43"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC. Association for Computing Machinery","author":"Lu Chaoyi","year":"2019","unstructured":"Chaoyi Lu , Baojun Liu , Zhou Li , Shuang Hao , Haixin Duan , Mingming Zhang , Chunying Leng , Ying Liu , Zaifeng Zhang , and Jianping Wu . 2019 . An end-to-end, large-scale measurement of DNS-over-encryption: How far have we come? In Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC. Association for Computing Machinery , New York, NY, 22--35. DOI:https:\/\/doi.org\/10.1145\/3355369.3355580 10.1145\/3355369.3355580 Chaoyi Lu, Baojun Liu, Zhou Li, Shuang Hao, Haixin Duan, Mingming Zhang, Chunying Leng, Ying Liu, Zaifeng Zhang, and Jianping Wu. 2019. An end-to-end, large-scale measurement of DNS-over-encryption: How far have we come? In Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC. Association for Computing Machinery, New York, NY, 22--35. DOI:https:\/\/doi.org\/10.1145\/3355369.3355580"},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the 2010 IEEE 10th International Conference on Peer-to-Peer Computing (P2P\u201910)","author":"Lu Y.","year":"2010","unstructured":"Y. Lu and G. Tsudik . 2010. Towards plugging privacy leaks in the domain name system . In Proceedings of the 2010 IEEE 10th International Conference on Peer-to-Peer Computing (P2P\u201910) . IEEE, 1--10. DOI:https:\/\/doi.org\/10.1109\/P2P. 2010 .5569976 10.1109\/P2P.2010.5569976 Y. Lu and G. Tsudik. 2010. Towards plugging privacy leaks in the domain name system. In Proceedings of the 2010 IEEE 10th International Conference on Peer-to-Peer Computing (P2P\u201910). IEEE, 1--10. DOI:https:\/\/doi.org\/10.1109\/P2P.2010.5569976"},{"key":"e_1_2_1_38_1","unstructured":"Majestic. 2012. Majestic Million. Retrieved from https:\/\/blog.majestic.com\/development\/majestic-million-csv-daily\/.  Majestic. 2012. Majestic Million. Retrieved from https:\/\/blog.majestic.com\/development\/majestic-million-csv-daily\/."},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP\u201913)","author":"McKeen Frank","unstructured":"Frank McKeen , Ilya Alexandrovich , Alex Berenzon , Carlos V. Rozas , Hisham Shafi , Vedvyas Shanbhogue , and Uday R. Savagaonkar . 2013. Innovative instructions and software model for isolated execution . In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP\u201913) . ACM Press, New York, New York, 1 page. DOI:https:\/\/doi.org\/10.1145\/2487726.2488368 10.1145\/2487726.2488368 Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative instructions and software model for isolated execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP\u201913). ACM Press, New York, New York, 1 page. DOI:https:\/\/doi.org\/10.1145\/2487726.2488368"},{"key":"e_1_2_1_40_1","volume-title":"Retrieved","year":"2017","unstructured":"Microsoft. 2017 . Introducing Azure Confidential Computing . Retrieved May 29, 2019 https:\/\/azure.microsoft.com\/en-us\/blog\/introducing-azure-confidential-computing\/. Microsoft. 2017. Introducing Azure Confidential Computing. Retrieved May 29, 2019 https:\/\/azure.microsoft.com\/en-us\/blog\/introducing-azure-confidential-computing\/."},{"key":"e_1_2_1_42_1","volume-title":"Retrieved","author":"Project Crypt","year":"2019","unstructured":"DNS Crypt Project . 2019 . DNSCrypt . Retrieved May 29, 2019 from https:\/\/dnscrypt.info\/. DNSCrypt Project. 2019. DNSCrypt. Retrieved May 29, 2019 from https:\/\/dnscrypt.info\/."},{"key":"e_1_2_1_43_1","first-page":"549","article-title":"ZeroTrace: Oblivious memory primitives from Intel SGX","volume":"2017","author":"Sasy Sajin","year":"2017","unstructured":"Sajin Sasy , Sergey Gorbunov , and Christopher W. Fletcher . 2017 . ZeroTrace: Oblivious memory primitives from Intel SGX . IACR Cryptology ePrint Archive 2017 (2017), 549 . Sajin Sasy, Sergey Gorbunov, and Christopher W. Fletcher. 2017. ZeroTrace: Oblivious memory primitives from Intel SGX. IACR Cryptology ePrint Archive 2017 (2017), 549.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917)","author":"Shih Ming-Wei","year":"2017","unstructured":"Ming-Wei Shih , Sangho Lee , Taesoo Kim , and Marcus Peinado . 2017 . T-SGX: Eradicating controlled-channel attacks against enclave programs . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917) . Ming-Wei Shih, Sangho Lee, Taesoo Kim, and Marcus Peinado. 2017. T-SGX: Eradicating controlled-channel attacks against enclave programs. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201917)."},{"key":"e_1_2_1_45_1","volume-title":"Proceedings of the 13th Workshop on Privacy in the Electronic Society (WPES\u201914)","author":"Shulman Haya","year":"2014","unstructured":"Haya Shulman and Haya. 2014 . Pretty bad privacy: Pitfalls of DNS encryption . In Proceedings of the 13th Workshop on Privacy in the Electronic Society (WPES\u201914) . ACM Press, New York, NY, 191--200. DOI:https:\/\/doi.org\/10.1145\/2665943.2665959 10.1145\/2665943.2665959 Haya Shulman and Haya. 2014. Pretty bad privacy: Pitfalls of DNS encryption. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (WPES\u201914). ACM Press, New York, NY, 191--200. DOI:https:\/\/doi.org\/10.1145\/2665943.2665959"},{"key":"e_1_2_1_46_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS\u201920)","author":"Siby Sandra","year":"2020","unstructured":"Sandra Siby , Marc Juarez , Claudia Diaz , Narseo Vallina-Rodriguez , and Carmela Troncoso . 2020 . Encrypted DNS --&gt; Privacy? A traffic analysis perspective . In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201920) . DOI:https:\/\/doi.org\/10.14722\/ndss.2020.24301 arxiv:1906.09682 10.14722\/ndss.2020.24301 Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, and Carmela Troncoso. 2020. Encrypted DNS --&gt; Privacy? A traffic analysis perspective. In Proceedings of the Network and Distributed System Security Symposium (NDSS\u201920). DOI:https:\/\/doi.org\/10.14722\/ndss.2020.24301 arxiv:1906.09682"},{"key":"e_1_2_1_47_1","volume-title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS\u201917)","author":"Tamrakar Sandeep","unstructured":"Sandeep Tamrakar , Jian Liu , Andrew Paverd , Jan-Erik Ekberg , Benny Pinkas , and N. Asokan . 2017. The circle game: Scalable private membership test using trusted hardware . In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS\u201917) . DOI:https:\/\/doi.org\/10.1145\/3052973.3053006 10.1145\/3052973.3053006 Sandeep Tamrakar, Jian Liu, Andrew Paverd, Jan-Erik Ekberg, Benny Pinkas, and N. Asokan. 2017. The circle game: Scalable private membership test using trusted hardware. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS\u201917). DOI:https:\/\/doi.org\/10.1145\/3052973.3053006"},{"key":"e_1_2_1_48_1","volume-title":"Proceedings of the Symposium on SDN Research (SOSR\u201918)","author":"Trach Bohdan","year":"2018","unstructured":"Bohdan Trach , Alfred Krohmer , Franz Gregor , Sergei Arnautov , Pramod Bhatotia , and Christof Fetzer . 2018 . ShieldBox: Secure middleboxes using shielded execution . In Proceedings of the Symposium on SDN Research (SOSR\u201918) . ACM Press, New York, New York, 1--14. DOI:https:\/\/doi.org\/10.1145\/3 185467.3185469 10.1145\/3185467.3185469 Bohdan Trach, Alfred Krohmer, Franz Gregor, Sergei Arnautov, Pramod Bhatotia, and Christof Fetzer. 2018. ShieldBox: Secure middleboxes using shielded execution. In Proceedings of the Symposium on SDN Research (SOSR\u201918). ACM Press, New York, New York, 1--14. DOI:https:\/\/doi.org\/10.1145\/3185467.3185469"},{"key":"e_1_2_1_49_1","volume-title":"Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE, 640--656","author":"Xu Yuanzhong","year":"2015","unstructured":"Yuanzhong Xu , Weidong Cui , and Marcus Peinado . 2015 . Controlled-channel attacks: Deterministic side channels for untrusted operating systems . In Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE, 640--656 . DOI:https:\/\/doi.org\/10.1109\/SP.2015.45 10.1109\/SP.2015.45 Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE, 640--656. DOI:https:\/\/doi.org\/10.1109\/SP.2015.45"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MUE.2007.84"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/IPC.2007.107"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.18"}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3431171","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3431171","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3431171","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:45Z","timestamp":1750195485000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3431171"}},"subtitle":["Private DNS-over-TLS with TEE Support"],"short-title":[],"issued":{"date-parts":[[2021,2,11]]},"references-count":51,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,3,31]]}},"alternative-id":["10.1145\/3431171"],"URL":"https:\/\/doi.org\/10.1145\/3431171","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"value":"2692-1626","type":"print"},{"value":"2576-5337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,2,11]]},"assertion":[{"value":"2020-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-10-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-02-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}